At RSA Conference, Unlikely Allies Address Value of Digital Security – New York Times

What surprised many of those attending the RSA Conference was the nuanced tone of former government officials who spoke at the event.Credit Jim Wilson/The New York Times

SAN FRANCISCO â To Amit Yoran, a digital security veteran, the fight between Apple and the F.B.I. over access to an iPhone can be viewed in black-and-white terms: What law enforcement authorities want is âso misguided, they simply boggle the mind.â

Speaking to an audience of computer security professionals at the RSA Conference, Mr. Yoran, who heads the RSA Security division of the data-storage provider EMC, explained his exasperation with officials who he says want to weaken the data protection in computer products despite the growing threat of hackers and other attacks.

âSuch a policy would harm U.S. economic interests on an already suspicious world stage, as well as unconscionably undermine those trying to defend our digital environments in every industry,â said Mr. Yoran, who was the cybersecurity czar at the Department of Homeland Security for a little more than a year, ending in 2004.

Mr. Yoranâs strong take on Appleâs confrontation with the F.B.I. might be expected of someone in the tight-knit security world. Indeed, it was a typical refrain of conference attendees who see the dispute as an extension of the decades-long struggle between the tech industry and government over encryption.

The technology company has been locked in a major legal battle against law enforcement officials over privacy and security.

But what surprised many of the about 40,000 people attending the RSA Conference, the worldâs largest gathering of security experts, this week was the nuanced, industry-friendly tone of former government officials who spoke at the event.

Michael Chertoff, the former director of Homeland Security under George W. Bush and an author of the Patriot Act, said it would be a mistake to sacrifice tough security to âgive authorities admittedly important access to certain types of phones or data.â

And strong security will become even more important in the coming years as Internet-connected technology spreads from smartphones and computers to home heating systems, streetlights, the electrical grid and much more, said Mr. Chertoff, who is now executive chairman of a risk-management and consulting organization.

âAttacks on control systems can have loss of life, and encryption is going to be a key element in a strategy to secure all of this going forward,â he told an audience.

The F.B.I. wants Appleâs help bypassing the password mechanism of an iPhone that belonged to one of the attackers in Decemberâs mass shooting in San Bernardino, Calif. Apple is resisting a court order requiring its assistance, and a crowd of tech companies have filed court briefs in support of Appleâs stance.

To many in tech, the iPhone fight is a reminder of the 1990s, when the government unsuccessfully argued for a so-called back door to encryption called the Clipper chip. The encryption debate was reignited by the widespread government monitoring of Internet traffic that was revealed in documents leaked in 2013 by the former government contractor Edward J. Snowden.

Mr. Snowdenâs revelations added urgency to the adoption of tougher security and encryption at Silicon Valleyâs technology companies, including Apple, which added an encryption system in 2014 that made it impossible for the company to extract data off a customerâs phone without the ownerâs password, even when compelled to by court order.

Security experts now worry that if Apple is required to create software to bypass its password system, it will be a precursor to many more government requests. They also worry that once Apple writes that code, it will show the worldâs spies, terrorists and hackers how to bypass its password security.

âNumerous governments are going to come a-calling for their bite of the apple,â said Nuala OâConnor, president of the Center for Democracy and Technology, a tech policy group. âOnce itâs created, you canât unwrite that code.â

Photo

Many RSA conference attendees saw the dispute between Apple and the F.B.I. as an extension of a decades-long struggle.Credit Shawn Thew/European Pressphoto Agency

The tech industry has other unlikely allies in this debate.

J. Michael McConnell, a director of the National Security Agency in the 1990s, was once an advocate of the Clipper chip. But he said at the RSA Conference that he changed his mind after joining the private sector and Booz Allen Hamilton, a military consultancy, where he said he had yet to examine any computer of consequence that had not been hacked by Chinese spies.

âWhen you understand that level of extraction of intellectual property,â Mr. McConnell said, âitâs logical that ubiquitous encryption is something the nation needs to have.â

There is, of course, a business rationale for these concerns. The United States hardly has a monopoly on encryption technology. Consumers can pick from around 800 encryption tools from 55 countries. Some in the security business worry they will lose badly to competitors in other countries if it becomes clear the United States government has a way around their systems.

âThe moral, economic, strategic and technical leadership of the United States is at stake here,â Dan Kaminsky, a well-respected security researcher, wrote in Wired in a piece timed with the conference. âWhoever masters making a secure, digital world not just possible, but practical, will own the next Silicon Valley.â

Others at the conference, including James A. Lewis, a leading digital strategist at the Center for Strategic and International Studies, a bipartisan research group in Washington, said the iPhone debate was the start of a much larger discussion about the use of end-to-end encryption. That is, technology that protects data behind cyphers at every point.

He said this technology would make it difficult for corporations to see what employees were doing and for financial regulators to see what Wall Street was doing. It would, he added, put a veil over nearly everything.

Mr. Lewis argued for a system not unlike Googleâs, which has deployed encryption but, unlike Appleâs encryption scheme, has yet to make it unrecoverable to authorities.

âEnd-to-end encryption does not make you safer, it creates legal problems,â Mr. Lewis said. âThatâs what weâre really fighting about.â

But most at the conference disagreed with that premise.

âWeâre not going to stop this technology,â Mr. McConnell said. âItâs already available in parts of the world.â

A version of this article appears in print on March 5, 2016, on page B1 of the National edition with the headline: Digital Security Experts Find Unlikely Allies in Ex-Officials.